Limit Jabber to specific endpoints

rm760
Level 4

Hello

I have been asked if it is possible to limit Jabber registrations to devices provided by the employer. If such is possible, I would appreciate any direction given.

8 Replies

skilambi
VIP Alumni

Ron

Today there isn't a perfect solution for this; user-based policy enforcement, and that too broken down by modality of communication like IM vs. voice/video, is on the roadmap. You can, however, use cert-based auth with x8.9, and if you don't have the cert you won't log in.

Planning Guide for Cisco Jabber 11.7 - User Management [Cisco Jabber for Windows] - Cisco

Srinivasan

I did read this, but interpreted it to mean that the user would no longer require credentials. Is this correct?

Also, allow me to add that this is an on-premise, non-cloud install.

Yes, it uses Expressway and your MDM solutions to push the cert, and of course UCM.

Thanks

Srini

The cert would identify the user, so yes, it's basically SSO with certs.

Thanks

Srini

Srinivasan

I have enabled SSO on VCS-E, VCS-C, and Call Manager. VCS is set for exclusive MRA mode. SSO IdP is ADFS 2.0. Users are logging in via SSO. They can still use personal devices without certs on them to log in just by knowing their AD credentials. Do I need to expand the relay or CoT to include the CA cert provider? If so, please do detail how to go about doing so.

Ron

Not sure, since I don’t have a client who has deployed it yet. Maybe a case for TAC to check if this is working as designed. You would think that without the certificate the client won’t be allowed to log in, even if they found your password, but I am not sure. I know more security policies through Expressway are being planned, like controlling user group access by type of communication, but that shouldn’t stop this from working. Let me know what the end result was, though.

Srini Kilambi

Srini

I am thinking now along the lines of the IdP processing. Currently we are only doing form validation for credentials via Microsoft ADFS 2.0. I believe going to ADFS 4.0 and incorporating certificate validation is going to be the next step.